I did the easy part now you do the hard part; follow dot points.

Thursday, October 30, 2008

Super Browser Hijacker Attack

Recently, my laptop's Vista partition has been hacked by a virus that hijacks my browsers, both Firefox and Internet Explorer.

Hijacking involves something like:

* When you hit a result in Google, it opens a new advertising-related website.
* For some websites, you can't type in the address and hit Enter.
* It is hard to download anything, as all links in the browser are redirected to some other (non-genuine) search engine or some advert website.

This was a scary experience for me, as it showed that my usual trusted applications could not find this nasty, let alone attack it and save me from it.

My usual trusted apps found some problems, but none found the virus that's causing this web havoc:

* Spybot S&D
* Avast AV
* Ad-Aware
* Comodo Firewall
* Vista Windows Defender


* Use Google to find a web page, say for solutions to this hijacker, and then use the cached pages; for my virus I found it was scared of Google.

* Use Google Translator: paste in the web link and then use non-English to English for English websites. Using Google Translator seems to proxy through somewhere, avoiding the redirects.

* Use a different computer and download/search problem resolutions (Most effective)

SOLUTIONS (Possible)

Download an excellent piece of software called Malwarebytes Anti-Malware.

I installed it, and with only a quick scan it fixed my problem, so far (hoping it will stay this way after a reboot).

BTW the virus that got me was called "Trojan.Agent" according to the software scan results.

I got my information from:

Please upgrade to the Pro version, because this is seriously the best detection tool; it's a keeper.
I will do a review of it after I see how the reboot goes.

Example hijack redirect destinations


Some more info: Google "trojan.agent redirects" (the quotes are not required).

Registry keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata


The problem I found was that I only knew the websites it was redirecting me to and had no idea about the name of the virus, so I couldn't get rid of it. Please save some website addresses you've been redirected to and post them here for future reference for others (if you've been attacked by the same kind of virus, thanks).
